TODAYS TOP STORIES
Oklahoma Hacked: The Security Flaws That Put Your Information at Risk
Hackers are always working to get your money or your personal information. You have undoubtedly seen the emails or received the phone calls that want you to give up details about your life or bank account. Those hacking attacks don t stop even when you are at work; even if you work for the state.
I can't tell you how many times I ve seen that fishing scam where you get the notification your email inbox is full, said Alex Pettit, Oklahoma s Chief Information Officer.
Pettit is in charge of the state s information technology, or IT, network. Legislation a few years ago put his office in charge of consolidating the state s computer system and all the various IT departments.
At first the consolidation began an agency at a time, but Pettit soon made an alarming discovery. We'd found that many of the groups had not had very good security practices in place.
Those security holes included missing anti-virus and anti-spam software to faulty firewalls. In some cases agencies tried to cut corners on their budgets by not updating or not paying for virus protection. In some cases we had agencies that were running freeware software for their virus protection, Pettit told Fox 25. Or they had purchased virus protection software, but they had let the licensing lapse.
Those security mistakes were prominent within the Oklahoma Department of Tourism. It was during consolidation that Pettit s team discovered hackers had managed to infiltrate computers used as cash registers at one tourism location. Hackers installed malware designed to find and send out banking information. Emails received by Fox 25 reveal there were multiple computers infected by malware at various Tourism locations. However it appears only one computer had all the software needed to complete the invasive program.
Pettit says ultimately they only believe two people s personal information was compromised. Though when asked if they are certain the breech only affected two individuals Pettit said, The direct answer to the question is we don't know what we don't know.
If you can't trust the folks you do business with then you're not going to do business with them. Pettis says they cleared up the tourism security holes and moved immediately to make security solutions a priority for every agency regardless of if they had gone through the IT consolidation.
However the problems do not end there. It turns out the Tax Commission is also putting your personal information at risk because of its encryption procedures. Potentially we have a vulnerability, Pettit said.
Right now when your tax records are sitting on the state server, or at rest, they are not encrypted. While there are other security procedures in place to help block hackers, Pettit says encryption is a helpful final block against hackers. We have different security protocols and what kind of remote access we allow, Pettit said.
However the at rest data encryption is the same security flaw that hackers exploited in South Carolina. The world learned of that hack in October of 2012. Oklahoma was aware that just like South Carolina, all it takes is a careless employee to fall for a phishing scam and give out access codes to put records at risk.
The hackers in South Carolina compromised nearly 4 million tax records, so you would think Oklahoma would be eager to prevent a similar attack. Pettit wanted to move the tax records to a more secure server. When that is accomplished all that data when it is at rest will be encrypted.
However the Tax Commission requested a delay in making their servers secure. Pettit said the commission wanted the delay to get them through the busy tax season; a time when all Oklahomans are required by law to get their information in on time.
The tax commission refused multiple requests for an interview on this subject saying they would not discuss security procedures. However no one from the agency would answer questions about why they did not immediately move to ensure Oklahomans tax records were safe when hackers proved the same vulnerability could be exploited.
Instead the agency released a statement that said they comply with the Internal Revenue Service s guidelines for security. In addition the statement from communications director Paula Ross said, The agency also utilizes COBIT, the security standards used by the State of Oklahoma s State Auditor and Inspector as another primary source of security control guidance. Furthermore, for a number of years the OTC has hired a nationally-known security firm to conduct Network Penetration Audit and Vulnerability Assessments in addition to Internet and Dial-up Vulnerability Assessments.
Pettit says because state employees still have to do their jobs and work with sensitive data we will never be able to make our network hack proof. However he says implementing standards for security will help make sure it is less likely information will be compromised.
Still the biggest threat to the state s network is still out there. The greatest vulnerability we have is from our own people. Pettit said that is why education and practicing good security procedures is necessary to make sure mistakes do not happen.
Posted: Thursday, February 7 2013, 09:57 PM CST
IN OKLAHOMA NEWS
Search continues in creek for missing Okla. teen
May 25, 2013 22:59 GMT
KINGFISHER, Okla. (AP) -- Authorities continue to search for a Kingfisher teenager who disappeared after jumping into Uncle John Creek.
Police say 17-year-old Taylor Faine jumped into the creek Thursday and did not resurface. Kingfisher Fire Chief Randy Poindexter told The Oklahoman (http://bit.ly/10s2oB6 ) on Saturday that manmade dams have been built in hopes of finding Faine's body.
Authorities say Faine was swimming with friends in an area where no swimming signs are in place because of dangerous currents in the creek.
Sometimes the stories with the most impact come directly from the viewers. If you have a story that needs to be told, we want to hear it. Fill out the form below and let us know what stories need to be told.
From the FOX 25 First Forecast Center..
For Sunday, temps will start off in the mid to upper 60s under mainly cloudy skies. Clouds will gradually move out and skies will be mainly sunny during the afternoon. ...
US durable goods orders rise 3.3 percent in April
WASHINGTON (AP) -- U.S. orders for long-lasting manufactured goods rebounded in April, buoyed by more demand for military and civilian aircraft and an increase in business investment.
BC-US--Dow Record-Three Personal Stories, 1st Ld-Writethru,1173
Dow Record: Three tales of ups, downs and changes
AP Photo FX102, FX103
Eds: With BC-US--Dow Record. Adds photos.
By SCOTT MAYEROWITZ
AP Business Writer
NEW YORK (AP) -- When the Dow first crossed 14,000, investors were overjoyed. ...
IN THE NEWS: RESTAURANT FLAP LEADS TO INTERNET MELTDOWN
SCOTTSDALE, Ariz. (AP) -- It isn't exactly to curry favor with your restaurant customers -- even if your specialty isn't curry.